Package: openssh-server Version: 1:4.2p1-8 Severity: important After replacing ssh with openssh-server, accounts with empty password become accessable when libpam-modules is too old. This can be corrected by upgrading to a newer libpam-modules.
To reproduce the problem, downgrade to libpam-modules 0.72-35 (oldstable). The problem does not occur with version 0.76-22 (stable) or newer. A fix would be to change Depends: libpam-modules (>= 0.72.9) to at least (>= 0.76-22). -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14-2-686-smp Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-15) Versions of packages openssh-server depends on: ii adduser 3.47 Add and remove users and groups ii debconf [debc 1.4.67 Debian configuration management sy ii dpkg 1.13.11.0.1 package maintenance system for Deb ii libc6 2.3.5-13 GNU C Library: Shared libraries an ii libcomerr2 1.34+1.35-WIP-2003.08.21-3 The Common Error Description libra ii libkrb53 1.4.3-5 MIT Kerberos runtime libraries ii libpam-module 0.79-3.1 Pluggable Authentication Modules f ii libpam-runtim 0.79-3.1 Runtime support for the PAM librar ii libpam0g 0.76-6 Pluggable Authentication Modules l ii libselinux1 1.30-1 SELinux shared libraries ii libssl0.9.8 0.9.8a-5 SSL shared libraries ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra ii openssh-clien 1:4.2p1-8 Secure shell client, an rlogin/rsh ii zlib1g 1:1.2.3-9 compression library - runtime openssh-server recommends no packages. -- debconf-show failed -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
